NVIDIA · ecolternv · Apr 9, 2026 · Apr 7, 2026 · Apr 7, 2026 · Apr 9, 2026
@@ -48,21 +48,17 @@ This Helm chart deploys the OSMO Backend-Operator for managing compute backend r
 | `global.enableClusterRoles` | Enable cluster roles | `true` |
 | `global.enableNonClusterRoles` | Enable non-cluster roles | `true` |
 
-### Global Network Settings
+### Global NetworkPolicy Settings
+
+When enabled, a `NetworkPolicy` is applied to the workflow namespace (`global.backendNamespace`) that allows unrestricted external internet egress while blocking cross-namespace cluster traffic except to explicitly allowlisted namespaces.
 
 | Parameter | Description | Default |
 |-----------|-------------|---------|
-| `global.network.restrictEgress` | Restrict egress traffic for workflow pods | `false` |
-| `global.network.allowlistEgress.enabled` | Enable egress allowlist | `false` |
-| `global.network.allowlistEgress.proxyNamespace` | Proxy namespace | `osmo-squid-proxy` |
-| `global.network.allowlistEgress.proxyReplicas` | Number of proxy replicas | `1` |
-| `global.network.allowlistEgress.additionalAllowedDomains` | Additional allowed domains | `[]` |
-| `global.network.allowlistEgress.sidecarContainers` | Additional sidecar containers | `[]` |
-| `global.network.allowlistEgress.additionalVolumes` | Additional volumes for sidecar containers | `[]` |
-| `global.network.allowlistEgress.hostAliases` | Host aliases for pods | `[]` |
-| `global.network.allowlistEgress.resources.requests.cpu` | CPU requests for allowlist squid proxy server | `2` |
-| `global.network.allowlistEgress.resources.requests.memory` | Memory requests for allowlist squid proxy server | `4Gi` |
-| `global.network.allowlistEgress.resources.limits.memory` | Memory limits for allowlist squid proxy server | `4Gi` |
+| `global.networkPolicy.enabled` | Create the `NetworkPolicy`. When `false`, all egress is unrestricted. | `false` |
+| `global.networkPolicy.clusterCIDRs` | Internal cluster CIDRs (pod CIDR, service CIDR) to exclude from the external egress rule. Required for namespace isolation to be effective. | `[]` |
+| `global.networkPolicy.dnsNamespace` | Namespace containing the cluster DNS service (CoreDNS/kube-dns). Port 53 egress is allowed to pods in this namespace. | `kube-system` |
+| `global.networkPolicy.allowedNamespaces` | Additional namespaces that workflow pods may reach. | `[]` |
+| `global.networkPolicy.additionalEgressRules` | Raw `NetworkPolicyEgressRule` objects appended to the policy. Use for IP-based allowances or DNS workarounds on iptables-based CNIs. | `[]` |
 
 
 ### Global Logging Settings
@@ -198,5 +194,5 @@ This chart requires:
 - Each component can be configured independently with custom resources and settings
 - Includes comprehensive mount monitoring with failure threshold configuration
 - Integrates with OpenTelemetry for observability
-- Configurable network egress controls for security
+- Optional Kubernetes `NetworkPolicy` to restrict cross-namespace egress while permitting external internet traffic
 - Priority classes for workload scheduling optimization
@@ -14,45 +14,59 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-{{- if .Values.global.network.restrictEgress }}
+{{- if .Values.global.networkPolicy.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: osmo-backend-network-policy
+  name: osmo-workflow-network-policy
   namespace: {{ .Values.global.backendNamespace }}
 spec:
-  podSelector: {} # Selects every pod in the namespace
+  podSelector: {}
   policyTypes:
   - Egress
   egress:
-    # Allow egress to public internet only if allowlistEgress is disabled
-    # TODO: resume if block once all running pods have environment variable for proxy set
-    - to:
-      - ipBlock:
-          cidr: 0.0.0.0/0
 
-    # Allow egress to backend namespace
-    - to:
-      - namespaceSelector:
-          matchLabels:
-            kubernetes.io/metadata.name: {{ .Values.global.backendNamespace }}
-    # Allow egress to resolve DNS in kube-system namespace
-    - ports:
-      - port: 53
-        protocol: UDP
-      - port: 53
-        protocol: TCP
-      to:
-      - namespaceSelector:
-          matchLabels:
-            kubernetes.io/metadata.name: kube-system
-    {{- if .Values.global.network.allowlistEgress.enabled }}
-    - to:
-      - namespaceSelector:
-          matchLabels:
-            kubernetes.io/metadata.name: {{ .Values.global.network.allowlistEgress.proxyNamespace }}
-      ports:
-      - port: 3128
-        protocol: TCP
-    {{- end }}
+  # Allow external internet egress, excluding cluster-internal CIDRs.
+  # Without clusterCIDRs set, all egress is allowed (namespace isolation not enforced).
+  - to:
+    - ipBlock:
+        cidr: 0.0.0.0/0
+        {{- if .Values.global.networkPolicy.clusterCIDRs }}
+        except:
+        {{- range .Values.global.networkPolicy.clusterCIDRs }}
+        - {{ . }}
+        {{- end }}
+        {{- end }}
+
+  # Allow intra-namespace egress (pods within the same workflow namespace).
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ .Values.global.backendNamespace }}
+
+  # Allow DNS. Works correctly on Cilium and Calico eBPF. For iptables-based CNIs,
+  # add an explicit ipBlock /32 for the kube-dns service IP via additionalEgressRules.
+  - ports:
+    - port: 53
+      protocol: UDP
+    - port: 53
+      protocol: TCP
+    to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ .Values.global.networkPolicy.dnsNamespace }}
+
+  # Whitelisted namespaces. Note: namespaceSelector matches pod IPs only, not service
+  # ClusterIPs. On iptables-based CNIs, traffic to Services (not pods) in these
+  # namespaces may be blocked. Use additionalEgressRules with an ipBlock for those cases.
+  {{- range .Values.global.networkPolicy.allowedNamespaces }}
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ . }}
+  {{- end }}
+
+  {{- with .Values.global.networkPolicy.additionalEgressRules }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
 {{- end }}